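/**
 * Dispatches a front-end ("user template") request to the handler for
 * $_GET['action'] and returns whatever that handler produced.
 *
 * Handler classes are loaded on demand from $config['basepath'] . '/include/'.
 * An unknown action of the form addon_<name>_<anything> is routed to the
 * addon's <name>_run_action_user_template() entry point, loaded from
 * $config['basepath'] . '/addons/<name>/addon.inc.php'. Any other unknown
 * action, and any known action whose required request parameters are
 * missing, yields an empty string.
 *
 * Uses the globals $config ('basepath') and $lang ('addon_doesnt_exist').
 *
 * @return mixed Output of the selected handler (normally a string), or ''.
 */
function replace_user_action()
{
    global $lang, $config;
    require_once $config['basepath'] . '/include/login.inc.php';
    $login = new login();

    // Every branch below leaves $data defined, including the ones that
    // require request parameters the caller did not supply.
    $data = '';
    // A missing (or non-string, e.g. action[]=x) action is treated as unknown.
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

    switch ($action) {
        case 'index':
            $_GET['PageID'] = 1;
            require_once $config['basepath'] . '/include/page_display.inc.php';
            $page = new page_display();
            $data = $page->display();
            break;

        case 'member_login':
            $data = $login->display_login('Member');
            break;

        case 'search_step_2':
            require_once $config['basepath'] . '/include/search.inc.php';
            $search = new search_page();
            $data = $search->create_searchpage();
            break;

        case 'searchpage':
            require_once $config['basepath'] . '/include/search.inc.php';
            $search = new search_page();
            $data = $search->create_search_page_logic();
            break;

        case 'searchresults':
            require_once $config['basepath'] . '/include/search.inc.php';
            $search = new search_page();
            $data = $search->search_results();
            break;

        case 'listingview':
            require_once $config['basepath'] . '/include/listing.inc.php';
            $listing = new listing_pages();
            $data = $listing->listing_view();
            break;

        case 'addtofavorites':
            require_once $config['basepath'] . '/include/members_favorites.inc.php';
            $favorites = new membersfavorites();
            $data = $favorites->addtofavorites();
            break;

        case 'view_favorites':
            require_once $config['basepath'] . '/include/members_favorites.inc.php';
            $favorites = new membersfavorites();
            $data = $favorites->view_favorites();
            break;

        case 'delete_favorites':
            require_once $config['basepath'] . '/include/members_favorites.inc.php';
            $favorites = new membersfavorites();
            $data = $favorites->delete_favorites();
            break;

        case 'view_saved_searches':
            require_once $config['basepath'] . '/include/members_search.inc.php';
            $saved = new memberssearch();
            $data = $saved->view_saved_searches();
            break;

        case 'save_search':
            require_once $config['basepath'] . '/include/members_search.inc.php';
            $saved = new memberssearch();
            $data = $saved->save_search();
            break;

        case 'delete_search':
            require_once $config['basepath'] . '/include/members_search.inc.php';
            $saved = new memberssearch();
            $data = $saved->delete_search();
            break;

        case 'page_display':
            require_once $config['basepath'] . '/include/page_display.inc.php';
            $page = new page_display();
            $data = $page->display();
            break;

        case 'calculator':
            require_once $config['basepath'] . '/include/calculators.inc.php';
            $calc = new calculators();
            $data = $calc->start_calc();
            break;

        case 'view_listing_image':
            require_once $config['basepath'] . '/include/images.inc.php';
            $image = new image_handler();
            $data = $image->view_image('listing');
            break;

        case 'view_user_image':
            require_once $config['basepath'] . '/include/images.inc.php';
            $image = new image_handler();
            $data = $image->view_image('userimage');
            break;

        case 'rss_featured_listings':
            require_once $config['basepath'] . '/include/rss.inc.php';
            $rss = new rss();
            $data = $rss->rss_view('featured');
            break;

        case 'rss_lastmodified_listings':
            require_once $config['basepath'] . '/include/rss.inc.php';
            $rss = new rss();
            $data = $rss->rss_view('lastmodified');
            break;

        case 'view_user':
            require_once $config['basepath'] . '/include/user.inc.php';
            $user = new user();
            $data = $user->view_user();
            break;

        case 'view_users':
            require_once $config['basepath'] . '/include/user.inc.php';
            $user = new user();
            $data = $user->view_users();
            break;

        case 'edit_profile':
            require_once $config['basepath'] . '/include/user_manager.inc.php';
            // Other code may read $_GET['user_id'] later, so the default is
            // written back into the request rather than kept in a local.
            if (!isset($_GET['user_id'])) {
                $_GET['user_id'] = 0;
            }
            $user_manager = new user_managment();
            $data = $user_manager->edit_member_profile($_GET['user_id']);
            break;

        case 'signup':
            if (isset($_GET['type'])) {
                require_once $config['basepath'] . '/include/user_manager.inc.php';
                $user_manager = new user_managment();
                $data = $user_manager->user_signup($_GET['type']);
            }
            break;

        case 'show_vtour':
            if (isset($_GET['listingID'])) {
                require_once $config['basepath'] . '/include/vtour.inc.php';
                $vtour = new vtours();
                $data = $vtour->show_vtour($_GET['listingID']);
            } else {
                $data = 'No Listing ID';
            }
            break;

        case 'contact_friend':
            require_once $config['basepath'] . '/include/contact.inc.php';
            $contact = new contact();
            if (isset($_GET['listing_id'])) {
                $data = $contact->ContactFriendForm($_GET['listing_id']);
            }
            break;

        case 'contact_agent':
            require_once $config['basepath'] . '/include/contact.inc.php';
            $contact = new contact();
            // Either id may be absent; 0 stands for "not given".
            if (isset($_GET['listing_id']) && isset($_GET['agent_id'])) {
                $data = $contact->ContactAgentForm($_GET['listing_id'], $_GET['agent_id']);
            } elseif (isset($_GET['listing_id'])) {
                $data = $contact->ContactAgentForm($_GET['listing_id'], 0);
            } elseif (isset($_GET['agent_id'])) {
                $data = $contact->ContactAgentForm(0, $_GET['agent_id']);
            } else {
                $data = '';
            }
            break;

        case 'create_vcard':
            require_once $config['basepath'] . '/include/user.inc.php';
            $user = new user();
            if (isset($_GET['user'])) {
                $data = $user->create_vcard($_GET['user']);
            }
            break;

        case 'create_download':
            require_once $config['basepath'] . '/include/files.inc.php';
            $files = new file_handler();
            // The three parameters may arrive via GET or, failing that, POST.
            if (isset($_GET['ID']) && isset($_GET['file_id']) && isset($_GET['type'])) {
                $data = $files->create_download($_GET['ID'], $_GET['file_id'], $_GET['type']);
            } elseif (isset($_POST['ID']) && isset($_POST['file_id']) && isset($_POST['type'])) {
                $data = $files->create_download($_POST['ID'], $_POST['file_id'], $_POST['type']);
            }
            break;

        case 'blog_index':
            require_once $config['basepath'] . '/include/blog_display.inc.php';
            $blog = new blog_display();
            // Method name is spelled this way in blog_display; keep it.
            $data = $blog->disply_blog_index();
            break;

        case 'blog_view_article':
            require_once $config['basepath'] . '/include/blog_display.inc.php';
            $blog = new blog_display();
            $data = $blog->display();
            break;

        case 'verify_email':
            require_once $config['basepath'] . '/include/user_manager.inc.php';
            $user_manager = new user_managment();
            $data = $user_manager->verify_email();
            break;

        default:
            // Addon actions are named addon_<name>_<anything>. The addon name
            // is spliced into an include path and into a function name, both
            // from request data, so only names that are valid PHP identifiers
            // (letters and digits; '_' is the separator and cannot occur) are
            // accepted. Any name outside that set could never have resolved to
            // a callable <name>_run_action_user_template() anyway, so this
            // only removes the path-traversal surface, not working addons.
            $addon_name = array();
            if (preg_match('/^addon_([A-Za-z][A-Za-z0-9]*)_/', $action, $addon_name)) {
                $file = $config['basepath'] . '/addons/' . $addon_name[1] . '/addon.inc.php';
                $function_name = $addon_name[1] . '_run_action_user_template';
                if (file_exists($file)) {
                    include_once $file;
                }
                // Guarding the dynamic call turns a missing entry point into the
                // same message a missing addon directory produces, instead of a
                // fatal "undefined function" error.
                if (function_exists($function_name)) {
                    $data = $function_name();
                } else {
                    $data = $lang['addon_doesnt_exist'];
                }
            }
            break;
    }

    return $data;
}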
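/**
 * Builds the response for a rejected loginCheck() attempt.
 *
 * Every rejection path in loginCheck() ends the same way: for an internal
 * (programmatic) check the caller just gets false; otherwise the localised
 * message is followed by the login form for the requested privilege level.
 *
 * @param string $message           Message to show before the form ('' for none).
 * @param mixed  $priv_level_needed Passed through to login::display_login().
 * @param bool   $internal          True when no output should be produced.
 * @return string|false
 */
function _loginCheck_deny($message, $priv_level_needed, $internal)
{
    if ($internal === true) {
        return false;
    }
    return $message . login::display_login($priv_level_needed);
}

/**
 * Verifies that the current visitor is logged in with at least the given
 * privilege level, logging them in first when credentials were posted.
 *
 * Flow:
 *  1. If nobody is logged in and nothing was posted, show the login form.
 *  2. If credentials were posted, validate them (presence, length <= 30,
 *     login::confirm_user()) and reject with the matching $lang message.
 *  3. Load the user's row from <table_prefix>userdb and copy its permission
 *     flags into $_SESSION; honour the "remember" checkbox with cookies.
 *  4. Check login::verify_priv($priv_level_needed).
 *
 * Uses the globals $conn (DB connection with Execute()), $config
 * ('basepath', 'table_prefix') and $lang (message strings).
 *
 * @param mixed $priv_level_needed Privilege level required for the page.
 * @param bool  $internal          When true, return bool only and never build HTML.
 * @return string|bool true on success; false or the HTML to display on failure.
 */
function loginCheck($priv_level_needed, $internal = false)
{
    global $conn, $config, $lang;

    $checked = login::check_login();
    $md5pass = null;

    // Not logged in and no credentials posted: nothing to verify yet.
    if (!$checked && !isset($_POST['user_name'])) {
        return $internal === true ? false : login::display_login($priv_level_needed);
    }

    if (isset($_POST['user_name'])) {
        // empty() keeps the original truthiness test ('0' counts as not
        // filled in) while also tolerating an absent user_pass without a notice.
        if (empty($_POST['user_name']) || empty($_POST['user_pass'])) {
            return _loginCheck_deny($lang['required_field_not_filled'], $priv_level_needed, $internal);
        }

        $_POST['user_name'] = trim($_POST['user_name']);
        // Byte length, matching the original check; presumably the column width.
        if (strlen($_POST['user_name']) > 30) {
            return _loginCheck_deny($lang['username_excessive_length'], $priv_level_needed, $internal);
        }

        // NOTE(review): the password is compared as an unsalted MD5 because that
        // is the form login::confirm_user() and the stored credentials use;
        // moving to password_hash()/password_verify() needs a migration of the
        // stored hashes and of confirm_user(), which this function cannot do alone.
        $md5pass = md5($_POST['user_pass']);
        $result = login::confirm_user($_POST['user_name'], $md5pass);

        // switch compares loosely, exactly like the original `== 1/2/3` chain;
        // confirm_user()'s return type is not visible from here.
        switch ($result) {
            case 1:
                return _loginCheck_deny($lang['nonexistent_username'], $priv_level_needed, $internal);
            case 2:
                return _loginCheck_deny($lang['incorrect_password'], $priv_level_needed, $internal);
            case 3:
                return _loginCheck_deny($lang['inactive_user'], $priv_level_needed, $internal);
        }
    }

    // Reaching this point means either a session/cookie login was already
    // valid ($checked) or the posted credentials were just accepted.
    if (isset($_POST['user_name'])) {
        $_POST['user_name'] = stripslashes($_POST['user_name']);
        $_SESSION['username'] = $_POST['user_name'];
        $_SESSION['userpassword'] = $md5pass;
    }

    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();
    // make_db_safe() is expected to escape *and* quote the value: the SQL
    // below adds no quotes of its own around $username.
    $username = $misc->make_db_safe($_SESSION['username']);
    $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name= ' . $username;
    $recordSet = $conn->Execute($sql);

    // A session or remember-me cookie may name an account that no longer
    // exists; deny instead of filling the session with nulls. Assumes the
    // recordset exposes the current row as ->fields (false/empty at EOF).
    if (!$recordSet || empty($recordSet->fields)) {
        return _loginCheck_deny($lang['access_denied'], $priv_level_needed, $internal);
    }

    $_SESSION['userID'] = $recordSet->fields['userdb_id'];
    $_SESSION['admin_privs'] = $recordSet->fields['userdb_is_admin'];
    $_SESSION['active'] = $recordSet->fields['userdb_active'];
    $_SESSION['isAgent'] = $recordSet->fields['userdb_is_agent'];
    $_SESSION['featureListings'] = $recordSet->fields['userdb_can_feature_listings'];
    $_SESSION['viewLogs'] = $recordSet->fields['userdb_can_view_logs'];
    $_SESSION['moderator'] = $recordSet->fields['userdb_can_moderate'];
    $_SESSION['editpages'] = $recordSet->fields['userdb_can_edit_pages'];
    $_SESSION['havevtours'] = $recordSet->fields['userdb_can_have_vtours'];
    $_SESSION['havefiles'] = $recordSet->fields['userdb_can_have_files'];
    $_SESSION['is_member'] = 'yes';
    // The 'editForms' permission (userdb_can_edit_forms) was removed in 2.1.
    // Permissions introduced with OR 2.1:
    $_SESSION['edit_site_config'] = $recordSet->fields['userdb_can_edit_site_config'];
    $_SESSION['edit_member_template'] = $recordSet->fields['userdb_can_edit_member_template'];
    $_SESSION['edit_agent_template'] = $recordSet->fields['userdb_can_edit_agent_template'];
    $_SESSION['edit_listing_template'] = $recordSet->fields['userdb_can_edit_listing_template'];
    $_SESSION['export_listings'] = $recordSet->fields['userdb_can_export_listings'];
    $_SESSION['edit_all_listings'] = $recordSet->fields['userdb_can_edit_all_listings'];
    $_SESSION['edit_all_users'] = $recordSet->fields['userdb_can_edit_all_users'];
    $_SESSION['edit_property_classes'] = $recordSet->fields['userdb_can_edit_property_classes'];
    $_SESSION['edit_expiration'] = $recordSet->fields['userdb_can_edit_expiration'];
    $_SESSION['blog_user_type'] = $recordSet->fields['userdb_blog_user_type'];
    $_SESSION['can_manage_addons'] = $recordSet->fields['userdb_can_manage_addons'];

    if (isset($_POST['remember'])) {
        // "Remember me": store the username and the password hash in cookies
        // for 100 days so the site can log the user in automatically on the
        // next visit. The hash cookie is effectively a long-lived bearer
        // credential, so it is kept out of reach of client-side script
        // (httponly) and flagged secure whenever this request came over TLS.
        $expires = time() + 60 * 60 * 24 * 100;
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie('cookname', $_SESSION['username'], $expires, '/', '', $secure, true);
        setcookie('cookpass', $_SESSION['userpassword'], $expires, '/', '', $secure, true);
    }

    if (!login::verify_priv($priv_level_needed)) {
        return _loginCheck_deny($lang['access_denied'], $priv_level_needed, $internal);
    }
    return true;
}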